Purposes
and Scopes of the Information Safety
Management
The information safety management is to
secure the safety and stability of the
internet and avoid errors in systems and
damages in digital files, which lead to
the suspension of the company
operations. The Company has formed the
policies and protocols of information
safety, which regulate the usage of
information systems, internet, PCs, and
emails to ensure the safety of the
Company.
The
Framework of the Information Safety Risk
The Company has established information
safety sector in January 2022 and appointed
a chief information officer in August, who
supervises the information safety manners in
the Company and holds cross department
meeting periodically to review the
performance and coordinate the resources.
The
Policies of the Information Safety
1. Follow the regulation and popularize the
awareness of information safety.
2. Value risk management and ensure
information safety.
3. Require full implementation and pursue
ongoing improvement.
The
Information Safety Control Measures
1. Build firewalls, IPS, malicious address
filters, and APT to prevent from exterior
attacks.
2. Set clearance for internet, emails, and
USB drives to prevent confidential the leak
of information.
3. Periodically change the password,
activate the complexity of password
settings, and enhance ID verification.
4. Install antivirus software and update the
virus codes as well as develop principles of
safe access.
5. Implement SOC, virus alerts, daily system
log analysis, and contingency actions to
prevent the risk and damage from expansion.
6. Information equipment requires access
control and CCT with the support of
uninterruptible power supply systems as well
as fire drills to strengthen the safety.
7. Provide annual information safety
training and tests to increase the
information safety awareness of employees.
8. Review information safety polices and
regulations annually, pay attention to
related issues and development,
and make responding plans to ensure the
adequateness and effectiveness.
The
Information Safety Operation Status
At least once a year
report the information risk management
operation status to the board and discuss to
modify related regulations. The latest date
of reporting to the board was May 23th
2023.